From b7c66de0b8a80cae38178319b1934fce3ac6789c Mon Sep 17 00:00:00 2001
From: jinlun
Date: Wed, 5 Jul 2023 14:55:03 +0800
Subject: [PATCH] allow init_t create fifo file in net_conf dir.
---
 ...t_t-create-fifo-file-in-net_conf-dir.patch | 25 +++++++++++++++++++
 selinux-policy.spec | 6 ++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 allow-init_t-create-fifo-file-in-net_conf-dir.patch
diff --git a/allow-init_t-create-fifo-file-in-net_conf-dir.patch b/allow-init_t-create-fifo-file-in-net_conf-dir.patch
new file mode 100644
index 0000000..89a9896
--- /dev/null
+++ b/allow-init_t-create-fifo-file-in-net_conf-dir.patch
@@ -0,0 +1,25 @@
+From b00033d4825cfc3ae9787c94ffa7e5408acf9a4b Mon Sep 17 00:00:00 2001
+From: Huaxin Lu
+Date: Sun, 29 Jan 2023 00:36:01 +0800
+Subject: [PATCH] allow init_t create fifo file in net_conf dir
+
+Signed-off-by: Huaxin Lu
+---
+ policy/modules/system/init.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
+index 8b84aa1..15b57a7 100644
+--- a/policy/modules/system/init.te
++++ b/policy/modules/system/init.te
+@@ -872,6 +872,7 @@ optional_policy(`
+
+ optional_policy(`
+ sysnet_filetrans_cloud_net_conf(init_t)
++ manage_fifo_files_pattern(init_t, net_conf_t, net_conf_t)
+ ')
+
+ optional_policy(`
+--
+2.33.0
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index da51cb9..26b4791 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 35.5
-Release: 16
+Release: 17
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
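Review bot: `manage_fifo_files_pattern(init_t, net_conf_t, net_conf_t)` in the embedded init.te hunk grants more than the subject line asks for: in the reference policy the manage pattern covers create, read, write, rename and unlink on FIFOs labelled net_conf_t, while the commit only mentions creating one. If init_t really only creates the pipe, `create_fifo_files_pattern(init_t, net_conf_t, net_conf_t)` (with `rw_fifo_files_pattern` added only if PID 1 must also open it) keeps the grant on network-configuration objects closer to least privilege. Neither commit message records the AVC denial or the unit that needs the FIFO, so I would add a comment above the rule such as `# <unit placeholder> creates a FIFO under a net_conf_t directory; see <bug reference placeholder>` so a later audit can check the access is still required. The rule also names net_conf_t directly in init.te and appears to rely on the sysnet interface in the same optional_policy block to require that type; the block continues outside the hunk.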
@@ -199,6 +199,7 @@ Patch9001: fix-context-of-usr-bin-rpmdb.patch
 Patch9002: Add-permission-open-to-files_read_inherited_tmp_file.patch
 Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch
 Patch9004: allow-map-postfix_master_t.patch
+Patch9005: allow-init_t-create-fifo-file-in-net_conf-dir.patch
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -864,6 +865,9 @@ exit 0
 %endif
 %changelog
+* Wed Jul 5 2023 jinlun - 35.5-17
+- allow init_t create fifo file in net_conf dir.
+
 * Wed Mar 22 2023 jinlun - 35.5-16
 - backport patch Allow virt_domain read device sysctls Allow icecast rename its log files
--
Gitee